CVE-2025-26348

A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'" in maxprofile/menu/model.lua editUserMenu endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute arbitrary SQL commands via crafted HTTP reques...

CVE-2025-26346

A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'" in maxprofile/menu/model.lua editUserGroupMenu endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute arbitrary SQL commands via crafted HTTP...

CVE-2025-26346

The CVE-2025-26346 entry concerns Q-Free MaxTime

Q-Free MAXTIME Suite SQL注入漏洞

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A SQL injection vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from the editUserGroupMenu endpoint in maxprofile/menu/model.lua that does not properly handle user...

Azure Linux 3.0 Security Update: postgresql (CVE-2024-7348)

The version of postgresql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-7348 advisory. - Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execu...

CVE-2025-22992

A SQL Injection vulnerability exists in the /feed/insert.json endpoint of the Emoncms project = 11.6.9. The vulnerability is caused by improper handling of user-supplied input in the data query parameter, allowing attackers to execute arbitrary SQL commands under specific conditions...

CVE-2025-22992

CVE-2025-22992 affects Emoncms (version 11.6.9 and later) via SQL Injection in the /feed/insert.json endpoint. The vulnerability stems from improper handling of user-supplied input in the data query parameter, enabling attackers to execute arbitrary SQL commands under specific conditions. Reporte...

CVE-2022-48603

A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVE-2022-48601

A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVE-2022-48585

A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVE-2024-32655

Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...

CVE-2025-22700

CVE-2025-22700 : WordPress Traveler Code plugin up to 3.1.1 contains an SQL injection due to improper neutralization of input elements, enabling authenticated subscribers to execute arbitrary SQL. The issue affects Traveler Code versions up to 3.1.1 and has a high impact (per CVSS 3.1 score 8.5)....

PT-2025-4390 · Joomla · Js Jobs Plugin

Name of the Vulnerable Software and Affected Versions: JS Jobs plugin versions 1.1.5 through 1.4.2 for Joomla Description: A SQL injection issue allows authenticated attackers, specifically administrators, to execute arbitrary SQL commands. This is achieved via the fieldfor parameter in the GDPR...

CVE-2025-24958

WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, salvartag.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This...

CVE-2025-24905 SQL Injection endpoint 'get_codigobarras_cobranca.php' parameter 'codigo' in WeGIA

WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, getcodigobarrascobranca.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive...

CVE-2025-24958 SQL Injection endpoint 'salvar_tag.php' parameter 'id_tag' in WeGIA

WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, salvartag.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This...

CVE-2025-25181

A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter...

WordPress Traveler Code plugin < 3.1.3 - Subscriber+ Arbitrary SQL Execution vulnerability

Subscriber+ Arbitrary SQL Execution vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Traveler Code versions 3.1.3...

EasyVirt DC Scope和EasyVirt CO2 Scope 安全漏洞

EasyVirt DC Scope and EasyVirt CO2 Scope are both products of the French company EasyVirt.EasyVirt DC Scope is a monitoring and management solution for VMware Virtualization VMware.EasyVirt CO2 Scope is a real-time monitoring and control solution for IT services, virtual machines and servers in...

Amazon Linux 2 : postgresql (ALAS-2025-2733)

The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2733 advisory. Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL...